US8799657B2 · Active · Utility · PatentIndex 76

Method and system of reconstructing a secret code in a vehicle for performing secure operations

Assignee: BHATTACHARYA DEBOJYOTI · Priority: Aug 2, 2012 · Filed: Aug 2, 2012 · Granted: Aug 5, 2014
Est. expiry: Aug 2, 2032 (~6.1 yrs left) · nominal 20-yr term from priority
Inventors: BHATTACHARYA DEBOJYOTI, CHAKRABARTY SUGATO, BELLUR BHARGAV RAMCHANDRA
H04L 9/0891, G07C 9/00309, H04L 9/3242, H04L 9/3273, G07C 9/00174, G07C 2009/00769, H04L 2209/84
PatentIndex Score: 76 · Cited by: 9 · References: 23 · Claims: 23

Abstract

A method is provided for constructing a secret code in a processing unit when in communication with a portable security unit. Mutual authentication messages are exchanged between a linked portable security unit and processing unit. A first portion of the secret code is communicated to the processing unit. The processing unit combines the first portion and a second portion of the secret code stored in the non-volatile memory of the processing unit. The secret code is stored in a volatile memory of the processing unit. A secure operation is performed using the secret code. The portable security unit is de-linked from the processing unit. At least a portion of the secret code is deleted from the volatile memory of the processing unit.
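The lifecycle in the abstract, together with the key rotation and acknowledgment ordering of claims 3 to 5, as an added Python sketch that is not code from the patent or its authors. All names are hypothetical, and three choices are assumptions the page does not specify: HMAC-SHA256 challenge-response for mutual authentication, XOR sharing as the combining function, and an HMAC keystream as a stand-in cipher.

```python
import hashlib, hmac, secrets

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 counter keystream, not an AEAD.
    ks = b"".join(prf(key, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return xor(data, ks)

def seal(secret):  # assumption: ciphertext is XOR-shared, so one share alone reveals nothing
    key, nonce, part1 = (secrets.token_bytes(n) for n in (32, 12, len(secret)))
    return (key, nonce, xor(crypt(key, nonce, secret), part1)), part1

class Dongle:
    def __init__(self, k_auth, part1):
        self.k_auth, self.nv_part1 = k_auth, part1
    def respond(self, ecu_challenge):
        self.challenge = secrets.token_bytes(16)
        return self.challenge, prf(self.k_auth, b"dongle" + ecu_challenge)  # role-labelled
    def release(self, ecu_tag):
        ok = hmac.compare_digest(ecu_tag, prf(self.k_auth, b"ecu" + self.challenge))
        return self.nv_part1 if ok else None  # first portion only to a proven ECU
    def store(self, part1):
        self.nv_part1 = part1
        return True  # acknowledgment

class Ecu:
    def __init__(self, k_auth, nv):
        self.k_auth, self.nv, self.ram = k_auth, nv, None  # nv = (key, nonce, part2)
    def link(self, dongle):
        challenge = secrets.token_bytes(16)
        d_challenge, d_tag = dongle.respond(challenge)
        if not hmac.compare_digest(d_tag, prf(self.k_auth, b"dongle" + challenge)):
            return False
        part1 = dongle.release(prf(self.k_auth, b"ecu" + d_challenge))
        if part1 is None:
            return False
        self.ram = crypt(*self.nv[:2], xor(part1, self.nv[2]))  # combine, then decrypt
        return True
    def delink(self, dongle):
        nv, part1 = seal(self.ram)  # next encryption key and a fresh split
        if not dongle.store(part1):
            return False  # no ack: old key and old second part stay in force
        self.nv, self.ram = nv, None  # only now replace the first key, drop plaintext
        return True
```

Python cannot zeroize memory, so `self.ram = None` only models the deletion step; firmware would overwrite the buffer. Committing the new key before the acknowledgment would leave the dongle holding a share that no stored key can decrypt.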

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for constructing a secret code in a processing unit when in communication with a portable security unit, wherein the processing unit and portable security unit each contain respective volatile and non-volatile memory, and wherein the processing unit uses the security code to perform a secure operation, the method comprising the steps of:
 linking the portable security unit with the processing unit; 
 exchanging mutual authentication messages between the portable security unit and the processing unit as a condition to continuing the method; 
 communicating a first portion of the secret code stored in the non-volatile memory of the portable security unit to the processing unit; 
 combining a second portion of the secret code stored in the non-volatile memory of the processing unit with the first portion of the secret code; 
 storing at least the first portion of the secret code in a volatile memory of the processing unit; 
 performing the secure operation using the secret code; 
 splitting the combined secret code into two parts and storing a first part in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit; 
 de-linking the portable security unit from the processing unit, the first part of the secret code being stored in the non volatile memory of the portable security unit prior to de-linking the portable security unit from the processing unit; and 
 deleting at least a portion of the secret code from the volatile memory of the processing unit. 
 
     
     
       2. The method of  claim 1  further comprising the steps of splitting the secret code into two parts and storing a first part in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit. 
     
     
       3. The method of  claim 1  wherein the first portion of the secret code and the second portion of the secret code are encrypted based on a first key, wherein the first key is not stored in the portable security unit, and wherein the first key is used to decrypt the first portion of the secret code and the second portion of the secret code, and wherein the first key is stored in a non-volatile memory of the processing unit. 
     
     
       4. The method of  claim 3  further comprising the steps of:
 generating a next encryption key for replacing the first key used to decrypt the first portion and second portion of the secret code; 
 encrypting the first part of the secret code using the next encryption key; 
 storing the first part of the secret code encrypted by the next encryption key in the portable security unit; and 
 deleting the first key from the non-volatile memory of the processing unit. 
 
     
     
       5. The method of  claim 4  wherein the deleting of the first part of the secret code from the volatile memory of the portable security unit and deleting the first key from the non-volatile memory of the processing unit is performed after an acknowledgment that the first part of the secret code encrypted by the next encryption key has been successfully stored in the portable security unit. 
     
     
       6. The method of  claim 3  wherein the portable security unit includes a dongle embedded in an ignition key for a vehicle, wherein the processing unit includes an electronic control unit of a vehicle, wherein mutual authentication is performed when the ignition key is turned to an on position, wherein the dongle communicates the first portion of the secret code to the electronic control unit in response to a successful mutual authentication between the dongle and the electronic control unit, wherein the first key stored in the non-volatile memory of the electronic control unit decrypts the combined first portion of the secret code and the second portion of the secret code, and wherein secret code is stored in the volatile memory of the electronic control unit. 
     
     
       7. The method of  claim 6  wherein a next encryption key is generated for replacing the first key stored in the non-volatile memory of the electronic control unit, wherein the first part of the secret code is encrypted using the next encryption key, wherein first part of the secret code encrypted by the next encryption key is stored in the dongle prior to an engine being turned off, and wherein the first key is deleted from the non-volatile memory of the processing unit prior to the ignition key being removed from an ignition slot. 
     
     
       8. The method of  claim 1  wherein a symmetrical authentication key is stored in both the portable security unit and the processing unit for authenticating respective authentication signals transmitted between the portable security unit and the processing unit. 
     
     
       9. The method of  claim 1  wherein the mutual authentication includes a first authentication signal sent from one of the portable security unit or processing unit to the other of the portable security unit or processing unit, and a second authentication signal being sent from the other of the portable security unit or processing unit to the one of the portable security unit or processing unit. 
     
     
       10. The method of  claim 1  wherein the secure operation is comprised of an engine start operation. 
     
     
       11. The method of  claim 1  wherein the secure operation is comprised of signing a digital message. 
     
     
       12. A vehicle security system comprising:
 a processing unit for constructing a secret code, the processing unit having a non-volatile memory and a volatile memory; and 
 a portable security unit for linking to the processing unit, the portable security unit communicating with the processing unit for performing mutual authentication between the portable security unit and the processing unit in response to being linked to one another, the portable security unit having a non-volatile memory for storing a first portion of the secret code; 
 wherein the first portion of the secret code is communicated to the processing unit in response to a successful mutual authentication between the portable security unit and the processing unit, wherein the first portion of the secret code is combined with a second portion of the secret code stored in the non-volatile memory of the processing unit, wherein a secure operation is performed using the secret code, wherein the combined secret code is split into two parts, wherein a first part is stored in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit, and wherein the first part of the secret code is stored in the non volatile memory of the portable security unit prior to de-linking the portable security unit from the processing unit. 
 
     
     
       13. The vehicle security system of  claim 12  further comprising a first key for decrypting and encrypting the first portion of the secret code and the second portion of the secret code, the first key being stored only in the non-volatile memory of the processing unit, wherein the combined portions of the secret code are decrypted using the first key stored in the processing unit for performing the secure operation. 
     
     
       14. The vehicle security system of  claim 13  wherein at least a portion of the decrypted secret code is deleted from the non-volatile memory of the processing unit after the portable security unit is de-linked from the processing unit. 
     
     
       15. The vehicle security system of  claim 13  wherein the processing unit generates a next encryption key for replacing the first key used to decrypt the first portion and second portion of the secret code, wherein the secret code is split into two parts, wherein the processing unit encrypts a first part of the secret code and a second part of the secret code using the next encryption key, wherein the portable security unit stores the first part of the secret code encrypted by the next encryption key in the non-volatile memory of the portable security unit, and wherein the processing unit deletes the first key from the non-volatile memory of the processing unit. 
     
     
       16. The vehicle security system of  claim 13  wherein the portable security unit includes a dongle. 
     
     
       17. The vehicle security system of  claim 16  wherein the dongle is integral to an ignition key. 
     
     
       18. The vehicle security system of  claim 13  wherein the processing unit is an electronic control unit within the vehicle. 
     
     
       19. The vehicle system of  claim 18  wherein the wherein the electronic control unit communicates the first part of the secret code encrypted by the next encryption key to the dongle prior to the engine turning off. 
     
     
       20. The vehicle security system of  claim 19  wherein the processing unit deletes at least the portion of the secret code from the volatile memory of the processing unit after an acknowledgment is received from the portable security unit that the first part of the secret code encrypted using the next encryption key is successfully stored in the portable security unit. 
     
     
       21. The vehicle security system of  claim 20  wherein the wherein the processing unit deletes the first key from the non-volatile memory of the vehicle after an acknowledgement that the first part of the secret code encrypted by the next encryption key is successfully stored in the dongle. 
     
     
       22. The vehicle security system of  claim 12  wherein the secure operations includes using the secret code for enabling an engine start operation. 
     
     
       23. The vehicle security system of  claim 12  further comprising a symmetric key stored in the portable security unit and in the processing unit, wherein the symmetric key stored in both the portable security unit and the processing unit is used to mutually authenticate the portable security unit and the processing unit.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.